Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Browser redirects, added banners and pageframes

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Browser redirects, added banners and pageframes

Unread postby WinnipegIsSuper » March 29th, 2010, 8:27 am

ComboFix 10-03-28.03 - Patterson 03/29/2010 7:16.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2938.1388 [GMT -5:00]
Running from: c:\users\Patterson\Desktop\Combo-Fix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-02-28 to 2010-03-29 )))))))))))))))))))))))))))))))
.

2010-03-29 12:21 . 2010-03-29 12:21 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-03-29 12:21 . 2010-03-29 12:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-25 03:23 . 2010-03-25 03:23 -------- d-----w- C:\_OTM
2010-03-25 03:16 . 2010-03-25 03:16 -------- d-----w- c:\program files\ERUNT
2010-03-21 16:27 . 2010-03-27 14:17 -------- d-----w- c:\program files\trend micro
2010-03-21 16:27 . 2010-03-21 16:27 -------- d-----w- C:\rsit
2010-03-13 19:45 . 2010-03-13 19:45 -------- d-----w- c:\users\Patterson\AppData\Roaming\Malwarebytes
2010-03-13 19:45 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-13 19:45 . 2010-03-13 19:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-13 19:45 . 2010-03-13 19:45 -------- d-----w- c:\programdata\Malwarebytes
2010-03-13 19:45 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-12 09:01 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-12 09:01 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-03-12 09:01 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-11 22:05 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-03-11 22:05 . 2009-12-08 20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-28 20:31 . 2010-02-28 20:31 -------- d-----w- c:\program files\Microsoft Silverlight

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-18 23:47 . 2009-01-05 22:44 -------- d-----w- c:\users\Patterson\AppData\Roaming\EndNote
2010-03-12 09:20 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-12 09:05 . 2008-09-27 05:25 -------- d-----w- c:\programdata\Microsoft Help
2010-02-25 00:34 . 2008-12-05 21:05 111408 ----a-w- c:\users\Patterson\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 15:16 . 2009-10-02 21:27 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-20 21:43 . 2008-12-10 15:46 -------- d-----w- c:\program files\DivX
2010-02-20 21:42 . 2010-02-20 21:42 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-02-14 23:54 . 2010-02-14 23:54 388096 ----a-r- c:\users\Patterson\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-02-14 23:54 . 2010-02-14 23:54 -------- d-----w- c:\program files\TrendMicro
2010-02-12 03:19 . 2010-02-09 04:50 -------- d-----w- c:\programdata\FLEXnet
2010-02-12 03:19 . 2010-02-09 04:49 -------- d-----w- c:\programdata\Rosetta Stone
2010-02-09 04:50 . 2010-02-09 04:50 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-02-05 16:39 . 2010-02-05 16:39 251376 ----a-w- c:\users\Patterson\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2010-02-02 01:09 . 2010-02-02 01:09 -------- d-----w- c:\program files\The Rosetta Stone
2010-01-25 12:00 . 2010-02-23 23:58 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-23 23:58 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-23 23:58 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-23 23:58 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-23 23:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-02-23 23:58 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-23 23:58 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-23 23:58 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21 . 2010-02-23 23:58 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:26 . 2010-02-23 23:59 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-06 15:39 . 2010-02-23 23:58 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-01-06 15:38 . 2010-02-23 23:58 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-01-06 15:38 . 2010-02-23 23:58 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-23 23:58 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-02-23 23:58 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-02-23 23:58 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 13:30 . 2010-02-23 23:58 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-02-15_00.32.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-12 09:01 . 2010-02-20 23:12 24064 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6002.22343_none_dce43630c143fd87\wbhstipm.dll
+ 2010-03-12 09:01 . 2010-02-20 23:12 22528 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6002.22343_none_dce43630c143fd87\wbhst_pm.dll
+ 2010-03-12 09:01 . 2010-02-20 23:12 48128 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6002.22343_none_dce43630c143fd87\w3wphost.dll
+ 2010-03-12 09:01 . 2010-02-20 23:12 15872 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6002.22343_none_dce43630c143fd87\w3tp.dll
+ 2009-12-09 09:05 . 2009-11-09 12:32 24064 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6002.18210_none_dc78084ba810bde5\wbhstipm.dll
+ 2009-12-09 09:05 . 2009-11-09 12:32 22528 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6002.18210_none_dc78084ba810bde5\wbhst_pm.dll
+ 2009-12-09 09:05 . 2009-11-09 12:32 47616 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6002.18210_none_dc78084ba810bde5\w3wphost.dll
+ 2009-12-09 09:05 . 2009-11-09 12:32 15872 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6002.18210_none_dc78084ba810bde5\w3tp.dll
+ 2010-03-12 09:01 . 2010-02-20 23:31 24064 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6001.22638_none_db0d95a6c4110b25\wbhstipm.dll
+ 2010-03-12 09:01 . 2010-02-20 23:31 22528 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6001.22638_none_db0d95a6c4110b25\wbhst_pm.dll
+ 2010-03-12 09:01 . 2010-02-20 23:31 46592 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6001.22638_none_db0d95a6c4110b25\w3wphost.dll
+ 2010-03-12 09:01 . 2010-02-20 23:31 15872 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6001.22638_none_db0d95a6c4110b25\w3tp.dll
+ 2009-12-09 09:05 . 2009-11-09 13:23 24064 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6001.18428_none_da8ec6e1aaeb5243\wbhstipm.dll
+ 2009-12-09 09:05 . 2009-11-09 13:23 22528 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6001.18428_none_da8ec6e1aaeb5243\wbhst_pm.dll
+ 2009-12-09 09:05 . 2009-11-09 13:23 46592 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6001.18428_none_da8ec6e1aaeb5243\w3wphost.dll
+ 2009-12-09 09:05 . 2009-11-09 13:23 15872 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6001.18428_none_da8ec6e1aaeb5243\w3tp.dll
+ 2010-03-12 09:01 . 2010-02-20 23:36 25088 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6000.21227_none_d930fcdec6e37b07\wbhstipm.dll
+ 2010-03-12 09:01 . 2010-02-20 23:36 22016 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6000.21227_none_d930fcdec6e37b07\wbhst_pm.dll
+ 2010-03-12 09:01 . 2010-02-20 23:36 39424 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6000.21227_none_d930fcdec6e37b07\w3wphost.dll
+ 2010-03-12 09:01 . 2010-02-20 23:36 15360 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6000.21227_none_d930fcdec6e37b07\w3tp.dll
+ 2010-03-12 09:01 . 2010-02-20 23:55 25088 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6000.17022_none_d8a25cbbadca5f63\wbhstipm.dll
+ 2010-03-12 09:01 . 2010-02-20 23:55 22016 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6000.17022_none_d8a25cbbadca5f63\wbhst_pm.dll
+ 2010-03-12 09:01 . 2010-02-20 23:55 39424 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6000.17022_none_d8a25cbbadca5f63\w3wphost.dll
+ 2010-03-12 09:01 . 2010-02-20 23:55 15360 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6000.17022_none_d8a25cbbadca5f63\w3tp.dll
+ 2010-03-12 09:01 . 2010-02-20 23:10 24064 c:\windows\winsxs\x86_microsoft-windows-nshhttp_31bf3856ad364e35_6.0.6002.22343_none_75f500438adc1033\nshhttp.dll
+ 2010-03-12 09:01 . 2010-02-20 23:06 24064 c:\windows\winsxs\x86_microsoft-windows-nshhttp_31bf3856ad364e35_6.0.6002.18210_none_7588d25e71a8d091\nshhttp.dll
+ 2010-03-12 09:01 . 2010-02-20 23:31 24064 c:\windows\winsxs\x86_microsoft-windows-nshhttp_31bf3856ad364e35_6.0.6001.22638_none_741e5fb98da91dd1\nshhttp.dll
+ 2010-03-12 09:01 . 2010-02-20 23:39 24064 c:\windows\winsxs\x86_microsoft-windows-nshhttp_31bf3856ad364e35_6.0.6001.18428_none_739f90f4748364ef\nshhttp.dll
+ 2010-03-12 09:01 . 2010-02-20 23:35 24064 c:\windows\winsxs\x86_microsoft-windows-nshhttp_31bf3856ad364e35_6.0.6000.21227_none_7241c6f1907b8db3\nshhttp.dll
+ 2010-03-12 09:01 . 2010-02-20 23:54 24064 c:\windows\winsxs\x86_microsoft-windows-nshhttp_31bf3856ad364e35_6.0.6000.17022_none_71b326ce7762720f\nshhttp.dll
+ 2010-03-11 22:16 . 2009-10-14 14:12 23552 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6002.22245_none_f4abc44d237d7ed9\WMM2EXT.dll
+ 2009-09-20 23:28 . 2009-04-11 06:28 23040 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6002.18121_none_f433c6320a5341d1\WMM2EXT.dll
+ 2010-03-11 22:16 . 2009-10-14 15:08 23552 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6001.22541_none_f2c1513d265ac459\WMM2EXT.dll
+ 2006-11-02 12:36 . 2006-11-02 12:36 23040 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6001.18341_none_f237b28c0d3d2768\WMM2EXT.dll
+ 2010-03-11 22:16 . 2009-10-14 14:51 23040 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6000.21139_none_f0edbb0f2925184a\WMM2EXT.dll
+ 2010-03-11 22:16 . 2009-10-14 15:06 23040 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6000.16937_none_f062458e10091290\WMM2EXT.dll
+ 2010-03-12 09:01 . 2010-02-20 23:12 10752 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\wamregps.dll
+ 2010-03-12 09:01 . 2010-02-20 23:11 38912 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\rscaext.dll
+ 2010-03-12 09:01 . 2010-02-20 23:11 26624 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\rsca.dll
+ 2010-03-12 09:01 . 2010-02-20 23:08 59392 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\iissyspr.dll
+ 2010-03-12 09:01 . 2010-02-20 21:21 31232 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\iisrstas.exe
+ 2010-03-12 09:01 . 2010-02-20 21:21 14848 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\iisreset.exe
+ 2010-03-12 09:01 . 2010-02-20 23:08 89088 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\iisreg.dll
+ 2010-03-12 09:01 . 2010-02-20 23:07 27136 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\ahadmin.dll
+ 2010-03-12 09:01 . 2010-02-20 23:06 51712 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\admwprox.dll
+ 2009-12-09 09:05 . 2009-11-09 12:32 10752 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\wamregps.dll
+ 2009-12-09 09:05 . 2009-11-09 12:32 38912 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\rscaext.dll
+ 2009-12-09 09:05 . 2009-11-09 12:32 26624 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\rsca.dll
+ 2009-12-09 09:05 . 2009-11-09 12:30 59392 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\iissyspr.dll
+ 2009-12-09 09:05 . 2009-11-09 10:48 31232 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\iisrstas.exe
+ 2009-12-09 09:05 . 2009-11-09 10:48 14848 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\iisreset.exe
+ 2009-12-09 09:05 . 2009-11-09 12:30 89088 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\iisreg.dll
+ 2009-12-09 09:05 . 2009-11-09 12:28 27136 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\ahadmin.dll
+ 2009-12-09 09:05 . 2009-11-09 12:28 51712 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\admwprox.dll
+ 2010-03-12 09:01 . 2010-02-20 23:31 10752 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\wamregps.dll
+ 2010-03-12 09:01 . 2010-02-20 23:31 38912 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\rscaext.dll
+ 2010-03-12 09:01 . 2010-02-20 23:31 26624 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\rsca.dll
+ 2010-03-12 09:01 . 2010-02-20 23:29 59392 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\iissyspr.dll
+ 2010-03-12 09:01 . 2010-02-20 21:35 31232 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\iisrstas.exe
+ 2010-03-12 09:01 . 2010-02-20 21:35 14848 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\iisreset.exe
+ 2010-03-12 09:01 . 2010-02-20 23:29 89088 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\iisreg.dll
+ 2010-03-12 09:01 . 2010-02-20 23:26 27136 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\ahadmin.dll
+ 2010-03-12 09:01 . 2010-02-20 23:26 51712 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\admwprox.dll
+ 2009-12-09 09:05 . 2009-11-09 13:23 10752 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\wamregps.dll
+ 2009-12-09 09:05 . 2009-11-09 13:23 38912 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\rscaext.dll
+ 2009-12-09 09:05 . 2009-11-09 13:23 26624 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\rsca.dll
+ 2009-12-09 09:05 . 2009-11-09 13:20 59392 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\iissyspr.dll
+ 2009-12-09 09:05 . 2009-11-09 11:21 31232 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\iisrstas.exe
+ 2009-12-09 09:05 . 2009-11-09 11:21 14848 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\iisreset.exe
+ 2009-12-09 09:05 . 2009-11-09 13:20 89088 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\iisreg.dll
+ 2009-12-09 09:05 . 2009-11-09 13:18 27136 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\ahadmin.dll
+ 2009-12-09 09:05 . 2009-11-09 13:18 51712 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\admwprox.dll
+ 2010-03-12 09:01 . 2010-02-20 23:36 10752 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\wamregps.dll
+ 2010-03-12 09:01 . 2010-02-20 23:35 26624 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\rsca.dll
+ 2010-03-12 09:01 . 2010-02-20 23:31 31232 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\iissyspr.dll
+ 2010-03-12 09:01 . 2010-02-20 21:31 30720 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\iisrstas.exe
+ 2010-03-12 09:01 . 2010-02-20 21:31 14848 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\iisreset.exe
+ 2010-03-12 09:01 . 2010-02-20 23:31 89088 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\iisreg.dll
+ 2010-03-12 09:01 . 2010-02-20 23:30 51200 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\admwprox.dll
+ 2010-03-12 09:01 . 2010-02-20 23:55 10752 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\wamregps.dll
+ 2010-03-12 09:01 . 2010-02-20 23:55 26624 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\rsca.dll
+ 2010-03-12 09:01 . 2010-02-20 23:52 31232 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\iissyspr.dll
+ 2010-03-12 09:01 . 2010-02-20 21:46 30720 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\iisrstas.exe
+ 2010-03-12 09:01 . 2010-02-20 21:46 14848 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\iisreset.exe
+ 2010-03-12 09:01 . 2010-02-20 23:52 89088 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\iisreg.dll
+ 2010-03-12 09:01 . 2010-02-20 23:50 51200 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\admwprox.dll
+ 2010-03-12 09:01 . 2010-02-20 23:12 23552 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6002.22343_none_d1f1e1863fa65f97\w3dt.dll
+ 2010-03-12 09:01 . 2010-02-20 23:08 12800 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6002.22343_none_d1f1e1863fa65f97\hwebcore.dll
+ 2010-03-12 09:01 . 2010-02-20 23:07 23552 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6002.18210_none_d185b3a126731ff5\w3dt.dll
+ 2009-12-09 09:05 . 2009-11-09 12:30 12800 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6002.18210_none_d185b3a126731ff5\hwebcore.dll
+ 2010-03-12 09:01 . 2010-02-20 23:31 23552 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6001.22638_none_d01b40fc42736d35\w3dt.dll
+ 2010-03-12 09:01 . 2010-02-20 23:29 12800 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6001.22638_none_d01b40fc42736d35\hwebcore.dll
+ 2010-03-12 09:01 . 2010-02-20 23:40 23552 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6001.18428_none_cf9c7237294db453\w3dt.dll
+ 2009-12-09 09:05 . 2009-11-09 13:20 12800 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6001.18428_none_cf9c7237294db453\hwebcore.dll
+ 2010-03-12 09:01 . 2010-02-20 23:36 23552 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6000.21227_none_ce3ea8344545dd17\w3dt.dll
+ 2010-03-12 09:01 . 2010-02-20 23:31 12288 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6000.21227_none_ce3ea8344545dd17\hwebcore.dll
+ 2010-03-12 09:01 . 2010-02-20 23:55 23552 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6000.17022_none_cdb008112c2cc173\w3dt.dll
+ 2010-03-12 09:01 . 2010-02-20 23:51 12288 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6000.17022_none_cdb008112c2cc173\hwebcore.dll
+ 2010-02-23 23:59 . 2010-01-23 09:20 19456 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6002.22320_none_17a1cecf1fe62f76\tzupd.exe
+ 2010-02-23 23:59 . 2010-01-23 09:26 19456 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6002.18192_none_16ce813e06ff88ca\tzupd.exe
+ 2010-02-23 23:59 . 2010-01-23 09:43 19456 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.22612_none_15c82d6722b5f10f\tzupd.exe
+ 2010-02-23 23:59 . 2010-01-23 09:44 19456 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.18410_none_153c8e22099a2170\tzupd.exe
+ 2010-02-23 23:59 . 2010-01-23 09:39 19456 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.21209_none_13f396ef25812ba9\tzupd.exe
+ 2010-02-23 23:59 . 2010-01-23 09:58 19456 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.17007_none_1367f7aa0c655c0a\tzupd.exe
+ 2010-03-12 09:01 . 2010-02-20 23:07 43520 c:\windows\winsxs\x86_microsoft-windows-i..henticationbinaries_31bf3856ad364e35_6.0.6002.22343_none_22e5433d125cc342\authsspi.dll
+ 2010-03-12 09:01 . 2010-02-20 23:04 43520 c:\windows\winsxs\x86_microsoft-windows-i..henticationbinaries_31bf3856ad364e35_6.0.6002.18210_none_22791557f92983a0\authsspi.dll
+ 2010-03-12 09:01 . 2010-02-20 23:27 43520 c:\windows\winsxs\x86_microsoft-windows-i..henticationbinaries_31bf3856ad364e35_6.0.6001.22638_none_210ea2b31529d0e0\authsspi.dll
+ 2010-03-12 09:01 . 2010-02-20 23:35 43520 c:\windows\winsxs\x86_microsoft-windows-i..henticationbinaries_31bf3856ad364e35_6.0.6001.18428_none_208fd3edfc0417fe\authsspi.dll
+ 2010-03-12 09:01 . 2010-02-20 23:30 36352 c:\windows\winsxs\x86_microsoft-windows-i..henticationbinaries_31bf3856ad364e35_6.0.6000.21227_none_1f3209eb17fc40c2\authsspi.dll
+ 2010-03-12 09:01 . 2010-02-20 23:50 36352 c:\windows\winsxs\x86_microsoft-windows-i..henticationbinaries_31bf3856ad364e35_6.0.6000.17022_none_1ea369c7fee3251e\authsspi.dll
+ 2010-03-12 09:01 . 2010-02-20 23:08 30720 c:\windows\winsxs\x86_microsoft-windows-http-api_31bf3856ad364e35_6.0.6002.22343_none_f7f4165eb3ad7c4d\httpapi.dll
+ 2010-03-12 09:01 . 2010-02-20 23:05 30720 c:\windows\winsxs\x86_microsoft-windows-http-api_31bf3856ad364e35_6.0.6002.18210_none_f787e8799a7a3cab\httpapi.dll
+ 2010-03-12 09:01 . 2010-02-20 23:29 31232 c:\windows\winsxs\x86_microsoft-windows-http-api_31bf3856ad364e35_6.0.6001.22638_none_f61d75d4b67a89eb\httpapi.dll
+ 2010-03-12 09:01 . 2010-02-20 23:37 31232 c:\windows\winsxs\x86_microsoft-windows-http-api_31bf3856ad364e35_6.0.6001.18428_none_f59ea70f9d54d109\httpapi.dll
+ 2010-03-12 09:01 . 2010-02-20 23:31 31232 c:\windows\winsxs\x86_microsoft-windows-http-api_31bf3856ad364e35_6.0.6000.21227_none_f440dd0cb94cf9cd\httpapi.dll
+ 2010-03-12 09:01 . 2010-02-20 23:51 31232 c:\windows\winsxs\x86_microsoft-windows-http-api_31bf3856ad364e35_6.0.6000.17022_none_f3b23ce9a033de29\httpapi.dll
+ 2010-02-23 23:58 . 2010-01-06 16:01 28672 c:\windows\winsxs\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6002.22303_none_8474f2d5770488ce\Apphlpdm.dll
+ 2010-02-23 23:58 . 2010-01-06 15:38 28672 c:\windows\winsxs\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6002.18179_none_83a5a66c5e1a477e\Apphlpdm.dll
+ 2008-01-21 01:58 . 2010-03-27 14:07 42142 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2010-03-27 14:07 71544 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-09-27 05:22 . 2010-02-14 23:08 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-09-27 05:22 . 2010-03-27 13:58 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-25 22:57 . 2010-03-27 13:58 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-09-27 05:22 . 2010-02-14 23:08 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-09-27 05:22 . 2010-02-14 23:08 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-09-27 05:22 . 2010-03-27 13:58 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-23 23:59 . 2010-01-23 09:26 19456 c:\windows\servicing\GC32\tzupd.exe
- 2009-12-01 22:17 . 2010-02-08 21:29 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-01 22:17 . 2010-03-14 01:29 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-01 22:17 . 2010-03-14 01:29 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-01 22:17 . 2010-02-08 21:29 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-01 22:17 . 2010-03-14 01:29 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-01 22:17 . 2010-02-08 21:29 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-01 22:16 . 2010-02-14 23:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-01 22:16 . 2010-03-14 01:27 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-01 22:16 . 2010-02-14 23:08 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-01 22:16 . 2010-03-14 01:27 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-01 22:16 . 2010-02-14 23:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-01 22:16 . 2010-03-14 01:27 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-28 20:31 . 2010-02-28 20:31 49664 c:\windows\Installer\17017de2.msi
- 2009-11-11 09:04 . 2009-11-11 09:04 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2010-03-12 09:02 . 2010-03-12 09:02 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2009-09-09 15:23 . 2010-02-12 09:02 35088 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-09-09 15:23 . 2010-03-12 09:05 35088 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-09-09 15:23 . 2010-02-12 09:02 18704 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-09-09 15:23 . 2010-03-12 09:05 18704 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-09-09 15:23 . 2010-03-12 09:05 20240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-09-09 15:23 . 2010-02-12 09:02 20240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-03-12 09:01 . 2010-02-20 23:12 9216 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\w3ctrlps.dll
+ 2010-03-12 09:01 . 2010-02-20 23:08 8192 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\iisrstap.dll
+ 2009-12-09 09:05 . 2009-11-09 12:32 9216 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\w3ctrlps.dll
+ 2009-12-09 09:05 . 2009-11-09 12:30 8192 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\iisrstap.dll
+ 2010-03-12 09:01 . 2010-02-20 23:31 9216 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\w3ctrlps.dll
+ 2010-03-12 09:01 . 2010-02-20 23:29 8192 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\iisrstap.dll
+ 2009-12-09 09:05 . 2009-11-09 13:23 9216 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\w3ctrlps.dll
+ 2009-12-09 09:05 . 2009-11-09 13:20 8192 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\iisrstap.dll
+ 2010-03-12 09:01 . 2010-02-20 23:35 9216 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\w3ctrlps.dll
+ 2010-03-12 09:01 . 2010-02-20 23:31 8192 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\iisrstap.dll
+ 2010-03-12 09:01 . 2010-02-20 23:55 9216 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\w3ctrlps.dll
+ 2010-03-12 09:01 . 2010-02-20 23:52 8192 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\iisrstap.dll
+ 2010-02-23 23:59 . 2010-01-23 09:20 2048 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6002.22320_none_17a1cecf1fe62f76\tzres.dll
+ 2010-02-23 23:59 . 2010-01-23 09:26 2048 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6002.18192_none_16ce813e06ff88ca\tzres.dll
+ 2010-02-23 23:59 . 2010-01-23 09:43 2048 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.22612_none_15c82d6722b5f10f\tzres.dll
+ 2010-02-23 23:59 . 2010-01-23 09:44 2048 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.18410_none_153c8e22099a2170\tzres.dll
+ 2010-02-23 23:59 . 2010-01-23 07:54 2048 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.21209_none_13f396ef25812ba9\tzres.dll
+ 2010-02-23 23:59 . 2010-01-23 08:05 2048 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.17007_none_1367f7aa0c655c0a\tzres.dll
+ 2010-02-23 23:58 . 2010-01-06 13:31 2560 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6002.22303_none_0e955139088d9e83\AcRes.dll
+ 2009-05-12 03:19 . 2010-03-26 17:53 6204 c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2009-05-07 12:52 . 2010-02-21 16:35 2642 c:\windows\System32\WDI\{88d4896f-f553-446a-9c75-9dec124ff8b7}.bin
+ 2008-12-07 17:33 . 2010-03-27 14:07 9110 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4156990812-1516790887-472691009-1000_UserData.bin
+ 2010-03-27 13:58 . 2010-03-27 13:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-02-14 23:08 . 2010-02-14 23:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-02-14 23:08 . 2010-02-14 23:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-03-27 13:58 . 2010-03-27 13:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-02-20 21:43 . 2010-02-20 21:43 632656 c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll
+ 2010-02-20 21:43 . 2010-02-20 21:43 554832 c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcp80.dll
+ 2010-02-20 21:43 . 2010-02-20 21:43 479232 c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcm80.dll
+ 2010-02-23 23:58 . 2010-01-25 12:37 471552 c:\windows\winsxs\x86_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_6.0.6002.22321_none_a350e80647cb55d4\secproc.dll
+ 2010-02-23 23:58 . 2010-01-25 08:28 518144 c:\windows\winsxs\x86_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_6.0.6002.22321_none_a350e80647cb55d4\RMActivate.exe
+ 2010-02-23 23:58 . 2010-01-25 12:00 471552 c:\windows\winsxs\x86_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_6.0.6002.18193_none_a27d9a752ee4af28\secproc.dll
+ 2010-02-23 23:58 . 2010-01-25 08:21 518144 c:\windows\winsxs\x86_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_6.0.6002.18193_none_a27d9a752ee4af28\RMActivate.exe
+ 2010-02-23 23:58 . 2010-01-25 12:32 472576 c:\windows\winsxs\x86_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_6.0.6001.22613_none_a177469e4a9b176d\secproc.dll
+ 2010-02-23 23:58 . 2010-01-25 08:34 518144 c:\windows\winsxs\x86_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_6.0.6001.22613_none_a177469e4a9b176d\RMActivate.exe
+ 2010-02-23 23:58 . 2010-01-25 12:48 472064 c:\windows\winsxs\x86_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_6.0.6001.18411_none_a0eba759317f47ce\secproc.dll
+ 2010-02-23 23:58 . 2010-01-25 08:34 511488 c:\windows\winsxs\x86_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_6.0.6001.18411_none_a0eba759317f47ce\RMActivate.exe
+ 2010-02-23 23:58 . 2010-01-25 12:35 472576 c:\windows\winsxs\x86_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_6.0.6000.21210_none_9f8ddd564d777092\secproc.dll
+ 2010-02-23 23:58 . 2010-01-25 08:27 515584 c:\windows\winsxs\x86_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_6.0.6000.21210_none_9f8ddd564d777092\RMActivate.exe
+ 2010-02-23 23:58 . 2010-01-25 12:58 472576 c:\windows\winsxs\x86_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_6.0.6000.17008_none_9f1710e1344a8268\secproc.dll
+ 2010-02-23 23:58 . 2010-01-25 08:36 515584 c:\windows\winsxs\x86_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_6.0.6000.17008_none_9f1710e1344a8268\RMActivate.exe
+ 2010-02-23 23:58 . 2010-01-25 12:38 152576 c:\windows\winsxs\x86_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_6.0.6002.22321_none_721a38317a650774\secproc_ssp.dll
+ 2010-02-23 23:58 . 2010-01-25 08:28 347136 c:\windows\winsxs\x86_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_6.0.6002.22321_none_721a38317a650774\RMActivate_ssp.exe
+ 2010-02-23 23:58 . 2010-01-25 12:00 152064 c:\windows\winsxs\x86_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_6.0.6002.18193_none_7146eaa0617e60c8\secproc_ssp.dll
+ 2010-02-23 23:58 . 2010-01-25 08:21 347136 c:\windows\winsxs\x86_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_6.0.6002.18193_none_7146eaa0617e60c8\RMActivate_ssp.exe
+ 2010-02-23 23:58 . 2010-01-25 12:33 152576 c:\windows\winsxs\x86_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_6.0.6001.22613_none_704096c97d34c90d\secproc_ssp.dll
+ 2010-02-23 23:58 . 2010-01-25 08:34 347136 c:\windows\winsxs\x86_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_6.0.6001.22613_none_704096c97d34c90d\RMActivate_ssp.exe
+ 2010-02-23 23:58 . 2010-01-25 12:48 151040 c:\windows\winsxs\x86_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_6.0.6001.18411_none_6fb4f7846418f96e\secproc_ssp.dll
+ 2010-02-23 23:58 . 2010-01-25 08:34 347136 c:\windows\winsxs\x86_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_6.0.6001.18411_none_6fb4f7846418f96e\RMActivate_ssp.exe
+ 2010-02-23 23:58 . 2010-01-25 12:35 154112 c:\windows\winsxs\x86_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_6.0.6000.21210_none_6e572d8180112232\secproc_ssp.dll
+ 2010-02-23 23:58 . 2010-01-25 08:27 435712 c:\windows\winsxs\x86_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_6.0.6000.21210_none_6e572d8180112232\RMActivate_ssp.exe
+ 2010-02-23 23:58 . 2010-01-25 12:58 154112 c:\windows\winsxs\x86_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_6.0.6000.17008_none_6de0610c66e43408\secproc_ssp.dll
+ 2010-02-23 23:58 . 2010-01-25 08:36 435712 c:\windows\winsxs\x86_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_6.0.6000.17008_none_6de0610c66e43408\RMActivate_ssp.exe
+ 2010-02-23 23:58 . 2010-01-25 12:38 475648 c:\windows\winsxs\x86_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_6.0.6002.22321_none_ebad56a205fcee15\secproc_isv.dll
+ 2010-02-23 23:58 . 2010-01-25 08:28 526336 c:\windows\winsxs\x86_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_6.0.6002.22321_none_ebad56a205fcee15\RMActivate_isv.exe
+ 2010-02-23 23:58 . 2010-01-25 12:00 471552 c:\windows\winsxs\x86_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_6.0.6002.18193_none_eada0910ed164769\secproc_isv.dll
+ 2010-02-23 23:58 . 2010-01-25 08:21 526336 c:\windows\winsxs\x86_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_6.0.6002.18193_none_eada0910ed164769\RMActivate_isv.exe
+ 2010-02-23 23:58 . 2010-01-25 12:33 476672 c:\windows\winsxs\x86_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_6.0.6001.22613_none_e9d3b53a08ccafae\secproc_isv.dll
+ 2010-02-23 23:58 . 2010-01-25 08:34 526336 c:\windows\winsxs\x86_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_6.0.6001.22613_none_e9d3b53a08ccafae\RMActivate_isv.exe
+ 2010-02-23 23:58 . 2010-01-25 12:48 472576 c:\windows\winsxs\x86_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_6.0.6001.18411_none_e94815f4efb0e00f\secproc_isv.dll
+ 2010-02-23 23:58 . 2010-01-25 08:35 523776 c:\windows\winsxs\x86_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_6.0.6001.18411_none_e94815f4efb0e00f\RMActivate_isv.exe
+ 2010-02-23 23:58 . 2010-01-25 12:35 473088 c:\windows\winsxs\x86_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_6.0.6000.21210_none_e7ea4bf20ba908d3\secproc_isv.dll
+ 2010-02-23 23:58 . 2010-01-25 08:28 523776 c:\windows\winsxs\x86_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_6.0.6000.21210_none_e7ea4bf20ba908d3\RMActivate_isv.exe
+ 2010-02-23 23:58 . 2010-01-25 12:58 473088 c:\windows\winsxs\x86_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_6.0.6000.17008_none_e7737f7cf27c1aa9\secproc_isv.dll
+ 2010-02-23 23:58 . 2010-01-25 08:35 523776 c:\windows\winsxs\x86_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_6.0.6000.17008_none_e7737f7cf27c1aa9\RMActivate_isv.exe
+ 2010-02-23 23:58 . 2010-01-25 12:38 153088 c:\windows\winsxs\x86_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_6.0.6002.22321_none_f772482c14c2182f\secproc_ssp_isv.dll
+ 2010-02-23 23:58 . 2010-01-25 08:28 346624 c:\windows\winsxs\x86_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_6.0.6002.22321_none_f772482c14c2182f\RMActivate_ssp_isv.exe
+ 2010-02-23 23:58 . 2010-01-25 12:00 152576 c:\windows\winsxs\x86_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_6.0.6002.18193_none_f69efa9afbdb7183\secproc_ssp_isv.dll
+ 2010-02-23 23:58 . 2010-01-25 08:21 346624 c:\windows\winsxs\x86_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_6.0.6002.18193_none_f69efa9afbdb7183\RMActivate_ssp_isv.exe
+ 2010-02-23 23:58 . 2010-01-25 12:33 153088 c:\windows\winsxs\x86_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_6.0.6001.22613_none_f598a6c41791d9c8\secproc_ssp_isv.dll
+ 2010-02-23 23:58 . 2010-01-25 08:34 346624 c:\windows\winsxs\x86_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_6.0.6001.22613_none_f598a6c41791d9c8\RMActivate_ssp_isv.exe
+ 2010-02-23 23:58 . 2010-01-25 12:48 151040 c:\windows\winsxs\x86_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_6.0.6001.18411_none_f50d077efe760a29\secproc_ssp_isv.dll
+ 2010-02-23 23:58 . 2010-01-25 08:35 346624 c:\windows\winsxs\x86_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_6.0.6001.18411_none_f50d077efe760a29\RMActivate_ssp_isv.exe
+ 2010-02-23 23:58 . 2010-01-25 12:35 154624 c:\windows\winsxs\x86_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_6.0.6000.21210_none_f3af3d7c1a6e32ed\secproc_ssp_isv.dll
+ 2010-02-23 23:58 . 2010-01-25 08:28 431104 c:\windows\winsxs\x86_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_6.0.6000.21210_none_f3af3d7c1a6e32ed\RMActivate_ssp_isv.exe
+ 2010-02-23 23:58 . 2010-01-25 12:58 154624 c:\windows\winsxs\x86_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_6.0.6000.17008_none_f3387107014144c3\secproc_ssp_isv.dll
+ 2010-02-23 23:58 . 2010-01-25 08:36 431104 c:\windows\winsxs\x86_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_6.0.6000.17008_none_f3387107014144c3\RMActivate_ssp_isv.exe
+ 2010-02-23 23:58 . 2010-01-25 12:35 352768 c:\windows\winsxs\x86_microsoft-windows-r..ement-client-v1-api_31bf3856ad364e35_6.0.6002.22321_none_ea59157ba997c9d0\msdrm.dll
+ 2010-02-23 23:58 . 2010-01-25 11:58 332288 c:\windows\winsxs\x86_microsoft-windows-r..ement-client-v1-api_31bf3856ad364e35_6.0.6002.18193_none_e985c7ea90b12324\msdrm.dll
+ 2010-02-23 23:58 . 2010-01-25 12:31 336384 c:\windows\winsxs\x86_microsoft-windows-r..ement-client-v1-api_31bf3856ad364e35_6.0.6001.22613_none_e87f7413ac678b69\msdrm.dll
+ 2010-02-23 23:58 . 2010-01-25 12:45 329216 c:\windows\winsxs\x86_microsoft-windows-r..ement-client-v1-api_31bf3856ad364e35_6.0.6001.18411_none_e7f3d4ce934bbbca\msdrm.dll
+ 2010-02-23 23:58 . 2010-01-25 12:34 312832 c:\windows\winsxs\x86_microsoft-windows-r..ement-client-v1-api_31bf3856ad364e35_6.0.6000.21210_none_e6960acbaf43e48e\msdrm.dll
+ 2010-02-23 23:58 . 2010-01-25 12:56 312320 c:\windows\winsxs\x86_microsoft-windows-r..ement-client-v1-api_31bf3856ad364e35_6.0.6000.17008_none_e61f3e569616f664\msdrm.dll
+ 2010-03-12 09:01 . 2010-02-20 23:08 374272 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6002.22343_none_dce43630c143fd87\iisw3adm.dll
+ 2010-03-12 09:01 . 2010-02-20 23:05 373760 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6002.18210_none_dc78084ba810bde5\iisw3adm.dll
+ 2010-03-12 09:01 . 2010-02-20 23:29 371712 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6001.22638_none_db0d95a6c4110b25\iisw3adm.dll
+ 2010-03-12 09:01 . 2010-02-20 23:37 371712 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6001.18428_none_da8ec6e1aaeb5243\iisw3adm.dll
+ 2010-03-12 09:01 . 2010-02-20 23:31 322560 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6000.21227_none_d930fcdec6e37b07\iisw3adm.dll
+ 2010-03-12 09:01 . 2010-02-20 23:52 322560 c:\windows\winsxs\x86_microsoft-windows-processmodellibraries_31bf3856ad364e35_6.0.6000.17022_none_d8a25cbbadca5f63\iisw3adm.dll
+ 2010-03-11 22:16 . 2009-10-14 14:12 195072 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6002.22245_none_f4abc44d237d7ed9\WMM2AE.dll
+ 2010-03-11 22:16 . 2009-10-14 12:23 150016 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6002.22245_none_f4abc44d237d7ed9\MOVIEMK.exe
+ 2009-09-20 23:29 . 2009-04-11 06:28 195072 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6002.18121_none_f433c6320a5341d1\WMM2AE.dll
+ 2009-09-20 23:28 . 2009-04-11 06:27 150016 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6002.18121_none_f433c6320a5341d1\MOVIEMK.exe
+ 2010-03-11 22:16 . 2009-10-14 15:08 195072 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6001.22541_none_f2c1513d265ac459\WMM2AE.dll
+ 2010-03-11 22:16 . 2009-10-14 13:16 150016 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6001.22541_none_f2c1513d265ac459\MOVIEMK.exe
+ 2008-01-21 02:25 . 2008-01-21 02:25 195072 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6001.18341_none_f237b28c0d3d2768\WMM2AE.dll
+ 2010-03-11 22:16 . 2009-10-14 12:43 150016 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6001.18341_none_f237b28c0d3d2768\MOVIEMK.exe
+ 2010-03-11 22:16 . 2009-10-14 14:51 195072 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6000.21139_none_f0edbb0f2925184a\WMM2AE.dll
+ 2010-03-11 22:16 . 2009-10-14 12:44 150016 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6000.21139_none_f0edbb0f2925184a\MOVIEMK.exe
+ 2010-03-11 22:16 . 2009-10-14 15:06 195072 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6000.16937_none_f062458e10091290\WMM2AE.dll
+ 2010-03-11 22:16 . 2009-10-14 12:54 150016 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6000.16937_none_f062458e10091290\MOVIEMK.exe
+ 2010-03-12 09:01 . 2010-02-20 23:10 333312 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\nativerd.dll
+ 2010-03-12 09:01 . 2010-02-20 23:08 202752 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\iisutil.dll
+ 2010-03-12 09:01 . 2010-02-20 21:22 228864 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\iissetup.exe
+ 2010-03-12 09:01 . 2010-02-20 23:08 153600 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\iisRtl.dll
+ 2010-03-12 09:01 . 2010-02-20 21:22 193024 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\iisres.dll
+ 2010-03-12 09:01 . 2010-02-20 23:11 209408 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\iismig.dll
+ 2010-03-12 09:01 . 2010-02-20 21:22 182784 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\aspnetca.exe
+ 2010-03-12 09:01 . 2010-02-20 23:07 311808 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\appobj.dll
+ 2010-03-12 09:01 . 2010-02-20 21:22 154112 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\appcmd.exe
+ 2009-12-09 09:05 . 2009-11-09 12:31 331264 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\nativerd.dll
+ 2009-12-09 09:05 . 2009-11-09 12:30 202752 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\iisutil.dll
+ 2009-12-09 09:05 . 2009-11-09 10:49 228864 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\iissetup.exe
+ 2009-12-09 09:05 . 2009-11-09 12:30 153600 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\iisRtl.dll
+ 2009-12-09 09:05 . 2009-11-09 10:48 193024 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\iisres.dll
+ 2009-12-09 09:05 . 2009-11-09 12:32 209408 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\iismig.dll
+ 2009-12-09 09:05 . 2009-11-09 10:49 182784 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\aspnetca.exe
+ 2009-12-09 09:05 . 2009-11-09 12:28 311808 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\appobj.dll
+ 2009-12-09 09:05 . 2009-11-09 10:48 154112 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\appcmd.exe
+ 2010-03-12 09:01 . 2010-02-20 23:30 331776 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\nativerd.dll
+ 2010-03-12 09:01 . 2010-02-20 23:29 202752 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\iisutil.dll
+ 2010-03-12 09:01 . 2010-02-20 21:35 228864 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\iissetup.exe
+ 2010-03-12 09:01 . 2010-02-20 23:29 153600 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\iisRtl.dll
+ 2010-03-12 09:01 . 2010-02-20 21:35 193024 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\iisres.dll
+ 2010-03-12 09:01 . 2010-02-20 23:31 209408 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\iismig.dll
+ 2010-03-12 09:01 . 2010-02-20 21:35 182784 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\aspnetca.exe
+ 2010-03-12 09:01 . 2010-02-20 23:26 311808 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\appobj.dll
+ 2010-03-12 09:01 . 2010-02-20 21:35 154112 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.22638_none_115aab99ce010764\appcmd.exe
+ 2009-12-09 09:05 . 2009-11-09 13:22 326656 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\nativerd.dll
+ 2009-12-09 09:05 . 2009-11-09 13:20 202752 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\iisutil.dll
+ 2009-12-09 09:05 . 2009-11-09 11:22 228864 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\iissetup.exe
+ 2009-12-09 09:05 . 2009-11-09 13:20 153600 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\iisRtl.dll
+ 2009-12-09 09:05 . 2009-11-09 11:21 193024 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\iisres.dll
+ 2009-12-09 09:05 . 2009-11-09 13:23 209408 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\iismig.dll
+ 2009-12-09 09:05 . 2009-11-09 11:22 182784 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\aspnetca.exe
+ 2009-12-09 09:05 . 2009-11-09 13:18 311296 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\appobj.dll
+ 2009-12-09 09:05 . 2009-11-09 11:21 154112 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6001.18428_none_10dbdcd4b4db4e82\appcmd.exe
+ 2010-03-12 09:01 . 2010-02-20 23:34 236032 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\nativerd.dll
+ 2010-03-12 09:01 . 2010-02-20 23:31 189952 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\iisutil.dll
+ 2010-03-12 09:01 . 2010-02-20 21:31 195072 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\iissetup.exe
+ 2010-03-12 09:01 . 2010-02-20 23:31 148480 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\iisRtl.dll
+ 2010-03-12 09:01 . 2010-02-20 20:21 183808 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\iisres.dll
+ 2010-03-12 09:01 . 2010-02-20 23:35 128512 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\iismig.dll
+ 2010-03-12 09:01 . 2010-02-20 21:31 178176 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\aspnetca.exe
+ 2010-03-12 09:01 . 2010-02-20 23:30 297472 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\appobj.dll
+ 2010-03-12 09:01 . 2010-02-20 21:31 150528 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.21227_none_0f7e12d1d0d37746\appcmd.exe
+ 2010-03-12 09:01 . 2010-02-20 23:54 236032 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\nativerd.dll
+ 2010-03-12 09:01 . 2010-02-20 23:52 189952 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\iisutil.dll
+ 2010-03-12 09:01 . 2010-02-20 21:47 195072 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\iissetup.exe
+ 2010-03-12 09:01 . 2010-02-20 23:52 148480 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\iisRtl.dll
+ 2010-03-12 09:01 . 2010-02-20 20:30 183808 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\iisres.dll
+ 2010-03-12 09:01 . 2010-02-20 23:55 128512 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\iismig.dll
+ 2010-03-12 09:01 . 2010-02-20 21:47 178176 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\aspnetca.exe
+ 2010-03-12 09:01 . 2010-02-20 23:50 297472 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\appobj.dll
+ 2010-03-12 09:01 . 2010-02-20 21:47 150528 c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6000.17022_none_0eef72aeb7ba5ba2\appcmd.exe
+ 2010-03-12 09:01 . 2010-02-20 23:08 107008 c:\windows\winsxs\x86_microsoft-windows-iis-isapiextensions_31bf3856ad364e35_6.0.6002.22343_none_6bd150839a36b650\isapi.dll
+ 2010-03-12 09:01 . 2010-02-20 23:05 107008 c:\windows\winsxs\x86_microsoft-windows-iis-isapiextensions_31bf3856ad364e35_6.0.6002.18210_none_6b65229e810376ae\isapi.dll
+ 2010-03-12 09:01 . 2010-02-20 23:29 107008 c:\windows\winsxs\x86_microsoft-windows-iis-isapiextensions_31bf3856ad364e35_6.0.6001.22638_none_69faaff99d03c3ee\isapi.dll
+ 2010-03-12 09:01 . 2010-02-20 23:37 107008 c:\windows\winsxs\x86_microsoft-windows-iis-isapiextensions_31bf3856ad364e35_6.0.6001.18428_none_697be13483de0b0c\isapi.dll
+ 2010-03-12 09:01 . 2010-02-20 23:32 107008 c:\windows\winsxs\x86_microsoft-windows-iis-isapiextensions_31bf3856ad364e35_6.0.6000.21227_none_681e17319fd633d0\isapi.dll
+ 2010-03-12 09:01 . 2010-02-20 23:52 107008 c:\windows\winsxs\x86_microsoft-windows-iis-isapiextensions_31bf3856ad364e35_6.0.6000.17022_none_678f770e86bd182c\isapi.dll
+ 2010-03-12 09:01 . 2010-02-20 23:08 190976 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6002.22343_none_d1f1e1863fa65f97\iiscore.dll
+ 2010-03-12 09:01 . 2010-02-20 23:05 190976 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6002.18210_none_d185b3a126731ff5\iiscore.dll
+ 2010-03-12 09:01 . 2010-02-20 23:29 190976 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6001.22638_none_d01b40fc42736d35\iiscore.dll
+ 2010-03-12 09:01 . 2010-02-20 23:37 189952 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6001.18428_none_cf9c7237294db453\iiscore.dll
+ 2010-03-12 09:01 . 2010-02-20 23:31 164864 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6000.21227_none_ce3ea8344545dd17\iiscore.dll
+ 2010-03-12 09:01 . 2010-02-20 23:52 164864 c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6000.17022_none_cdb008112c2cc173\iiscore.dll
+ 2010-03-12 09:01 . 2010-02-20 21:06 411648 c:\windows\winsxs\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6002.22343_none_af08d5a82f3c8f92\http.sys
+ 2010-03-12 09:01 . 2010-02-20 20:53 411648 c:\windows\winsxs\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6002.18210_none_ae9ca7c316094ff0\http.sys
+ 2010-03-12 09:01 . 2010-02-20 21:20 411136 c:\windows\winsxs\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6001.22638_none_ad32351e32099d30\http.sys
+ 2010-03-12 09:01 . 2010-02-20 21:18 411136 c:\windows\winsxs\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6001.18428_none_acb3665918e3e44e\http.sys
+ 2010-03-12 09:01 . 2010-02-20 21:16 398848 c:\windows\winsxs\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6000.21227_none_ab559c5634dc0d12\http.sys
+ 2010-03-12 09:01 . 2010-02-20 21:30 396800 c:\windows\winsxs\x86_microsoft-windows-http_31bf3856ad364e35_6.0.6000.17022_none_aac6fc331bc2f16e\http.sys
+ 2010-02-23 23:58 . 2010-01-06 16:01 173056 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6002.22303_none_0e995261088a03df\AcXtrnal.dll
+ 2010-02-23 23:58 . 2010-01-06 16:01 542720 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6002.22303_none_0e995261088a03df\AcLayers.dll
+ 2010-02-23 23:58 . 2010-01-06 15:38 173056 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6002.18179_none_0dca05f7ef9fc28f\AcXtrnal.dll
+ 2010-02-23 23:58 . 2010-01-06 15:38 542720 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6002.18179_none_0dca05f7ef9fc28f\AcLayers.dll
+ 2010-02-23 23:58 . 2010-01-06 16:01 458752 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6002.22303_none_0e985217088aea88\AcSpecfc.dll
+ 2010-02-23 23:58 . 2010-01-06 15:38 458752 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6002.18179_none_0dc905adefa0a938\AcSpecfc.dll
+ 2008-12-20 09:00 . 2010-03-18 22:59 227670 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2008-12-06 18:13 . 2010-03-29 12:09 210976 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2006-11-02 10:33 . 2010-02-14 23:14 595684 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2010-03-27 14:03 595684 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2010-03-27 14:03 101350 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2010-02-14 23:14 101350 c:\windows\System32\perfc009.dat
+ 2006-11-02 12:47 . 2010-02-24 09:19 414120 c:\windows\System32\FNTCACHE.DAT
+ 2010-02-17 23:08 . 2010-02-17 23:08 301568 c:\windows\Installer\ee92e6a.msi
+ 2010-02-20 21:42 . 2010-02-20 21:42 169472 c:\windows\Installer\1e0dd9cc.msi
- 2009-09-09 15:23 . 2010-02-12 09:02 888080 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-09-09 15:23 . 2010-03-12 09:05 888080 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-09-09 15:23 . 2010-02-12 09:02 272648 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-09-09 15:23 . 2010-03-12 09:05 272648 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
- 2009-09-09 15:23 . 2010-02-12 09:02 922384 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-09-09 15:23 . 2010-03-12 09:05 922384 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2009-09-09 15:23 . 2010-02-12 09:02 845584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-09-09 15:23 . 2010-03-12 09:05 845584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-09-09 15:23 . 2010-03-12 09:05 217864 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2009-09-09 15:23 . 2010-02-12 09:02 217864 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
+ 2009-09-09 15:23 . 2010-03-12 09:05 159504 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
- 2009-09-09 15:23 . 2010-02-12 09:02 159504 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2010-03-25 03:20 . 2010-03-25 03:20 217088 c:\windows\ERDNT\3-24-2010\Users\00000002\NTUSER.DAT
+ 2010-03-25 03:20 . 2010-03-25 03:20 212992 c:\windows\ERDNT\3-24-2010\Users\00000001\NTUSER.DAT
+ 2010-03-25 03:20 . 2005-10-20 17:02 163328 c:\windows\ERDNT\3-24-2010\ERDNT.EXE
+ 2010-03-11 22:05 . 2009-12-08 20:14 3550264 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22283_none_6e4cf969caa5277f\ntoskrnl.exe
+ 2010-03-11 22:05 . 2009-12-08 20:14 3601464 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22283_none_6e4cf969caa5277f\ntkrnlpa.exe
+ 2010-03-11 22:05 . 2009-12-08 20:01 3548216 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18160_none_6dd5fb98b17a03ce\ntoskrnl.exe
+ 2010-03-11 22:05 . 2009-12-08 20:01 3600456 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18160_none_6dd5fb98b17a03ce\ntkrnlpa.exe
+ 2010-03-11 22:05 . 2009-12-08 20:36 3548760 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22577_none_6c755895cd731bc6\ntoskrnl.exe
+ 2010-03-11 22:05 . 2009-12-08 20:36 3600472 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22577_none_6c755895cd731bc6\ntkrnlpa.exe
+ 2010-03-11 22:05 . 2009-12-08 20:52 3546200 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18377_none_6bebb9e4b4557ed5\ntoskrnl.exe
+ 2010-03-11 22:05 . 2009-12-08 20:52 3597912 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18377_none_6bebb9e4b4557ed5\ntkrnlpa.exe
+ 2010-03-11 22:05 . 2009-12-08 22:29 3469912 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.21175_none_6a8cef97d04e8e42\ntoskrnl.exe
+ 2010-03-11 22:05 . 2009-12-08 22:29 3503704 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.21175_none_6a8cef97d04e8e42\ntkrnlpa.exe
+ 2010-03-11 22:05 . 2009-12-08 20:54 3467848 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16973_none_6a017a16b7328888\ntoskrnl.exe
+ 2010-03-11 22:05 . 2009-12-08 20:54 3502168 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16973_none_6a017a16b7328888\ntkrnlpa.exe
+ 2010-03-11 22:16 . 2010-02-15 09:50 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.22340_none_f4ccf2a581dea99c\OESpamFilter.dat
+ 2010-03-11 22:16 . 2010-02-15 09:49 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.18208_none_f47697da689964c6\OESpamFilter.dat
+ 2010-03-11 22:16 . 2010-02-15 09:50 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22635_none_f2f6521b84abb73a\OESpamFilter.dat
+ 2010-03-11 22:16 . 2010-02-15 09:51 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18426_none_f27883a06b8517af\OESpamFilter.dat
+ 2010-03-11 22:16 . 2010-02-15 09:50 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.21225_none_f11ab99d877d4073\OESpamFilter.dat
+ 2010-03-11 22:16 . 2010-02-15 09:50 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.17020_none_f08c197a6e6424cf\OESpamFilter.dat
+ 2010-02-23 23:58 . 2010-01-06 13:42 4240384 c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.22303_none_4473681dd77e3431\GameUXLegacyGDFs.dll
+ 2010-02-23 23:58 . 2010-01-06 16:03 1696256 c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.22303_none_4473681dd77e3431\gameux.dll
+ 2010-02-23 23:58 . 2010-01-06 13:30 4240384 c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.18179_none_43a41bb4be93f2e1\GameUXLegacyGDFs.dll
+ 2010-02-23 23:58 . 2010-01-06 15:39 1696256 c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.18179_none_43a41bb4be93f2e1\gameux.dll
+ 2010-02-23 23:58 . 2010-01-06 16:01 2159616 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6002.22303_none_0e9751cd088bd131\AcGenral.dll
+ 2010-02-23 23:58 . 2010-01-06 15:38 2159616 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6002.18179_none_0dc80563efa18fe1\AcGenral.dll
+ 2006-11-02 12:47 . 2010-03-12 09:23 4295827 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
- 2006-11-02 12:47 . 2009-10-29 08:18 4295827 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
+ 2008-12-06 22:34 . 2010-03-14 01:26 1799648 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-02-04 23:24 . 2010-02-04 23:24 9122304 c:\windows\Installer\134aca37.msp
+ 2010-02-21 07:00 . 2010-02-21 07:00 8480768 c:\windows\Installer\134aca11.msp
+ 2010-02-04 06:59 . 2010-02-04 06:59 5031936 c:\windows\Installer\134aca09.msp
- 2009-09-09 15:23 . 2010-02-12 09:02 1172240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-09-09 15:23 . 2010-03-12 09:05 1172240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-09-09 15:23 . 2010-03-12 09:05 1165584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
- 2009-09-09 15:23 . 2010-02-12 09:02 1165584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2010-03-25 03:20 . 2010-03-25 03:20 2842624 c:\windows\ERDNT\3-24-2010\Users\00000004\UsrClass.dat
+ 2010-03-25 03:20 . 2010-03-25 03:20 2195456 c:\windows\ERDNT\3-24-2010\Users\00000003\NTUSER.DAT
+ 2010-03-11 22:16 . 2009-10-14 14:10 10926592 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6002.22245_none_f4abc44d237d7ed9\MOVIEMK.dll
+ 2010-03-11 22:16 . 2009-10-14 13:58 10926592 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6002.18121_none_f433c6320a5341d1\MOVIEMK.dll
+ 2010-03-11 22:16 . 2009-10-14 15:06 10926592 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6001.22541_none_f2c1513d265ac459\MOVIEMK.dll
+ 2010-03-11 22:16 . 2009-10-14 14:45 10926592 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6001.18341_none_f237b28c0d3d2768\MOVIEMK.dll
+ 2010-03-11 22:16 . 2009-10-14 14:48 10921984 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6000.21139_none_f0edbb0f2925184a\MOVIEMK.dll
+ 2010-03-11 22:16 . 2009-10-14 15:02 10922496 c:\windows\winsxs\x86_microsoft-windows-moviemaker_31bf3856ad364e35_6.0.6000.16937_none_f062458e10091290\MOVIEMK.dll
+ 2010-02-28 20:31 . 2010-02-28 20:31 15710720 c:\windows\Installer\17017de8.msp
+ 2009-05-20 07:01 . 2010-03-12 09:01 242689925 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Google Update"="c:\users\Patterson\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-12-09 133104]
"googletalk"="c:\users\Patterson\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-04 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-04 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-04 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6295552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-04 317280]
"VAIOMyMemCenter"="c:\program files\Sony\VAIO My Memory Center\VAIO MyMemCenter.exe" [2008-02-29 679936]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-22 2046816]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-07-16 01:04 98304 ------w- c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AOLDDI.LNK]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AOLDDI.LNK
backup=c:\windows\pss\AOLDDI.LNK.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2007-10-18 17:34 5724184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2008-07-03 06:06 1826816 ----a-w- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
2008-07-25 18:21 385024 ----a-w- c:\program files\Sony\VAIO Survey\VAIO Sat Survey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):7b,19,0c,00,6a,4f,ca,01

R3 RMWPService;RMWPService;c:\program files\Reference Manager 12\WebPublisher\thirdparty\Apache2\bin\RMWP_Apache_Admin.exe [2004-01-29 20537]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Sony\VAIO Media plus\SOHCImp.exe [2008-05-21 103712]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Sony\VAIO Media plus\SOHDms.exe [2008-05-21 353568]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Sony\VAIO Media plus\SOHDs.exe [2008-05-21 62752]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2008-06-12 337184]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2008-06-12 83232]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-08-28 335240]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-05-12 108552]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-08-28 297752]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S2 RtkAudioService;Realtek Audio Service;c:\windows\RtkAudioService.exe [2008-07-03 104992]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2008-06-20 411488]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2008-03-10 9344]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-03-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4156990812-1516790887-472691009-1000Core.job
- c:\users\Patterson\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-09 22:53]

2010-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4156990812-1516790887-472691009-1000UA.job
- c:\users\Patterson\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-09 22:53]

2010-03-29 c:\windows\Tasks\User_Feed_Synchronization-{3BDEFB4E-4148-451B-AA6F-92EFC2A713E4}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.Google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Patterson\AppData\Roaming\Mozilla\Firefox\Profiles\k2ypviw7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www3.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.fark.com/
FF - prefs.js: keyword.URL - hxxp://www3.iamwired.net/websearch.php?src=tops&search=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{767ce922-2125-14db-59bc-fb72531352c2}\components\RKFX-q93m.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\users\Patterson\AppData\Local\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\users\Patterson\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-uTorrent - c:\program files\uTorrent\uTorrent.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-29 07:22
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-03-29 07:24:22
ComboFix-quarantined-files.txt 2010-03-29 12:24
ComboFix2.txt 2010-02-15 00:34

Pre-Run: 130,376,105,984 bytes free
Post-Run: 129,828,237,312 bytes free

- - End Of File - - 4E05E0B7B4259288103063BA8EE0C3F2
WinnipegIsSuper
Active Member
 
Posts: 8
Joined: March 16th, 2010, 6:52 pm
Advertisement
Register to Remove

Re: Browser redirects, added banners and pageframes

Unread postby xixo_12 » March 29th, 2010, 8:46 am

Hi,
Let's try this.

First,
CFScript
  • Close any open browsers.
  • Open notepad and copy/paste the text in the code box below into it:
    Code: Select all
    Firefox::
    FF - ProfilePath - c:\users\Patterson\AppData\Roaming\Mozilla\Firefox\Profiles\k2ypviw7.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www3.iamwired.net/websearch.php?src=tops&search=
    FF - prefs.js: browser.startup.homepage - hxxp://www.fark.com/
    FF - prefs.js: keyword.URL - hxxp://www3.iamwired.net/websearch.php?src=tops&search=
  • Save this as CFScript.txt, in the same location as ComboFix.exe
  • Disable your AntiVirus/AntiSpyware/Firewall applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
    Image
  • Refering to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at "C:\ComboFix.txt"
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Next,
Checklist.
Please post.
  • Content of ComboFix.txt
  • Please let me know again about the issue
User avatar
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: Browser redirects, added banners and pageframes

Unread postby xixo_12 » March 31st, 2010, 7:01 am

Hello :),

Reminder.
It's 48 hours since my last reply.
Please let me know if you have any problems to understand my instructions or you need an extra time.
In order to maintain our policy,
You have, next 24 hours to reply at this topic, otherwise it will be closed as inactive.

Regards,
xixo_12
User avatar
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: Browser redirects, added banners and pageframes

Unread postby Dakeyras » April 1st, 2010, 11:13 am

Due to lack of activity, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 301 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware